Exploitdb Exploits
50,076 exploits tracked across all sources.
Exim GHOST (glibc gethostbyname) Buffer Overflow
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
by Qualys Corporation
Websense TRITON 7.8.3 and V-Series < 7.8.4 - Authenticated Command Injection via CommandLineServlet
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command.
by Han Sahin
Adobe Flash Player < 13.0.0.269 and 14.x-16.x < 16.0.0.305 - Remote Code Execution
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330.
by Metasploit
Spybot Search & Destroy 1.6.2 Security Center Service - Local Privilege Escalation
by LiquidWorm
Moodle < 2.5.9, 2.6.x < 2.6.9, 2.7.x < 2.7.6, 2.8.x < 2.8.4 - XSS via IMG Alt/Title
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.
by LiquidWorm
Metasploit Project < 4.11.1 - Initial User Creation Cross-Site Request Forgery (Metasploit)
by Mohamed Abdelbaset Elnoby
iPass Open Mobile < 2.4.4 - Authenticated Remote Code Execution via DLL Pathname in Unicode String
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.
by Metasploit
Foxit Reader < 7.0.6.1126 - Privilege Escalation
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.
by LiquidWorm
WPML < 3.1.8 - Unauthenticated Arbitrary Post Deletion via Menu Sync Function
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.
by Jouko Pynnonen
WordPress SEO by Yoast < 1.5.7, 1.6.x < 1.6.4, 1.7.x < 1.7.4 - SQL Injection via order_by or order
Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by Ryan Dewhurst
Joomla! Component com_simplephotogallery 1.0 - SQL Injection
by Moneer Masoud
Brasero CD/DVD Burner 3.4.1 - '.m3u' Buffer Overflow Crash (PoC)
by Avinash Thapa
Elasticsearch < 1.3.8, < 1.4.3 - Command Injection
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
by Metasploit
CVSS 9.8
Intel Ethernet Diagnostics Driver IQVW32.sys and IQVW64.sys < 1.3.1.0 - Denial of Service via IOCTL Call
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.
by Glafkos Charalambous
CVSS 7.8
WoltLab Community Gallery 2.0 - Stored Cross-Site Scripting via Image Title Parameter
Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy.
by ITAS Team
HP ArcSight Logger < 6.0P1 - Unspecified Vulnerabilities
Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors.
by Horoszkiewicz Julian ISP_
Citrix NetScaler 10.5 - Firewall Bypass via Content-Type Header Manipulation
Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.
by BGA Security
Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
by Metasploit
CVSS 9.8
Ubuntu Upstart <1.13.2-0ubuntu9 - Command Injection
The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.
by halfdog
Windows Text Services - Remote Code Execution via Crafted Website or File
Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability."
by Francis Provencher
Foxit Reader, Enterprise Reader, and PhantomPDF < 7.1 - Denial of Service via GIF Image LZWMinimumCodeSize
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.
by Francis Provencher
Foxit Reader, Enterprise Reader, and PhantomPDF < 7.1 - Denial of Service via GIF Image LZWMinimumCodeSize
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.
by Francis Provencher
CS-Cart 4.2.4 - Cross-Site Request Forgery via Password Change Request
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.
by Luis Santana